Using a switch behind the Cisco 1841 router to split T1 signal, secure?

By haoleberry
I am a telecommuter who is in an internet dead zone; therefore I have had a T1 line for a few years, but now I am going to have to pay for it (budget trimming), so I wanted to, understandably, use the T1 for work and home PC, but in-house IT says it is not secure. I hired a private network guy who says otherwise, using a Linksys E1200 as a switch, the company Cisco 1841, and the Ethernet port on the Cisco configured for VLAN. Unfortunately, in-house IT still says no, too risky. I say BS. Other telecommuters for the company who are on cable or DSL can split their connection. What gives? Looking for the truth.


All Answers


Well for starters I would go with what

by OH Smeg Moderator In reply to using a switch behind the ...

The IT Division says.

Splitting any line to more than the 1 system leaves the risk of others on the system breaking into the Work System, even accidentally. In a worst-case scenario a massive amount of damage could be done.

It's secure from the point of view that, provided you are not using any form of Wireless, someone has to get into the house to access the Work System, but if there is any WiFi Involved, even a Hardwired NB with an Open WiFi Connection, there is the risk of someone else unknown accessing the internal LAN and subsequently the Work System.




by robo_dev In reply to using a switch behind the ...

So now you have two T1 connections into your house, and you want to use only one?

One personal one, and one provided to connect to your office?

How do you connect to the office, via VPN?

Response To Answer

by haoleberry In reply to Clarify

No, just one T1 connection, but my entire house is wired with CAT5E cable, leading me to believe through my research that sharing this connection is possible by employing the Linksys/Cisco E1200 as a switch. We did a test run and it worked. I was told if my subnet mask was increased to six-host, then I could add my PC, with the switch, etc. Thanks for your help. -haoleberry


layer it with . . .

by Who Am I Really In reply to using a switch behind the ...

stacked / cascaded routers

(Router A)
(Router B) (Router C)

T1 provides WAN IP address
Router A is DHCP Client of the T1 line
and is also DHCP server that provides NAT & DHCP to both Router B and Router C

Router B and Router C are DHCP Clients of Router A and are also DHCP servers with different subnets for the 2 separate LANs

T1 (WAN IP from ISP)
Router A SubNet
Router B SubNet
Router C SubNet

layout is as follows:
T1 connects to WAN Port of Router A
Router A LAN Ports connects to WAN Ports of Router B and Router C
LAN Ports of Router B and Router C connects to internal networks
Router B is for "work" network
Router C is for "home" network
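
An added example, not part of the post above: a small Python model of the cascaded layout that checks the addressing plan and shows what a host on one inner LAN hits when it opens a connection. Every address is a constructed value (the post names no subnets), and the model assumes each inner router does NAT with no port forwards and that Router A has no static routes to the inner LANs.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan: the post names no subnets, so all values are assumed.
PLAN = {
    "A": {"lan": "192.168.0.0/29"},                       # transit segment
    "B": {"wan": "192.168.0.2", "lan": "10.10.10.0/24"},  # "work" network
    "C": {"wan": "192.168.0.3", "lan": "10.20.20.0/24"},  # "home" network
}

def lans(plan):
    return {name: ipaddress.ip_network(r["lan"]) for name, r in plan.items()}

def check_plan(plan):
    """List addressing mistakes that would undermine the work/home split."""
    nets, problems = lans(plan), []
    for (n1, net1), (n2, net2) in combinations(nets.items(), 2):
        if net1.overlaps(net2):
            problems.append(f"Router {n1} and Router {n2} subnets overlap")
    transit_hosts = set(nets["A"].hosts())
    for name in ("B", "C"):
        if ipaddress.ip_address(plan[name]["wan"]) not in transit_hosts:
            problems.append(f"Router {name} WAN address is outside Router A's subnet")
    return problems

def classify(plan, src, dst_ip):
    """What a host on inner LAN `src` ("B" or "C") hits when it opens a connection.

    Assumes each inner router does NAT, drops unsolicited inbound traffic, has no
    port forwards, and that Router A holds no static routes to the inner LANs.
    """
    nets, dst = lans(plan), ipaddress.ip_address(dst_ip)
    other = "C" if src == "B" else "B"
    if dst in nets[src]:
        return "same LAN"
    if dst in nets[other]:
        return "unreachable: no route to the other inner LAN"
    if dst == ipaddress.ip_address(plan[other]["wan"]):
        return "other router's WAN side: dropped unless a port is forwarded"
    if dst in nets["A"]:
        return "shared transit segment: reachable from both LANs"
    return "internet via Router A"

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan OK")
    for ip in ("10.10.10.25", "192.168.0.2", "192.168.0.1", "203.0.113.10"):
        print("home ->", ip, ":", classify(PLAN, "C", ip))
```

The transit segment behind Router A is the one place both networks can reach, so anything plugged directly into Router A's LAN ports sits outside both inner firewalls.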

Response To Answer

by haoleberry In reply to layer it with . . .

Just to clarify, using the above configuration would be just as secure as any other telecommuter who is connecting to the work network using cable or DSL and using it for both home and work? Thanks


It depends on the setup

by IcebergTitanic In reply to using a switch behind the ...

Often a T1 comes into the LAN *behind* the firewall, directly connected. T1 site to site connections are often considered a "trusted" connection since they only go to one place, which is the other end of the T1 connection.

DSL and Cable connections to a corporate LAN are usually done via VPN connection, and access controls are handled by the firewall on the outside, which is also the receiving end of the VPN.

If you're hoping to use the other end of the T1 as an internet connection for the rest of your computers, then your IT staff has a point. Effectively, your computers, which are outside their sphere of control, would be on the same network as their LAN. So, when you accidentally get a virus on one of your home computers, you risk exposing the entire network to that virus or to the remote access enabled by that virus, because you're inside the LAN rather than coming in outside.

More likely what you're actually being told by your IT department is "Your request makes the network setup much more complex, and we're not going to expend the time and money to accommodate your request as it's outside the normal setup. Not only that, but we're not going to spend time trying to diagnose why you suddenly can't do your work because your kid has logged on to Pandora over the T1 with his iPod and you don't realize it."

Response To Answer

by haoleberry In reply to It depends on the setup

Thank you for making me smile for the first time in days - I think you hit the nail on the head.


Difficult one!

by gdburton In reply to using a switch behind the ...

I agree that there is no reason why a secure set-up can not be set-up to do what you need. However getting the IT department to spend their time on it as a "one off" solution is not easy.

I assume that you were not able to use the service for private use when the company paid the fees. So you are wanting to get something out of the fact that you are being asked to foot the bill.

You may have to get 2 depts in the company to talk together (and maybe find a referee too!). If one section is saying you have to pay the connection costs, and the other is saying that you can't use the service you will be paying for for private use, because they can't be bothered to sort out a secure method to do it, somebody should be ready to see a middle ground.

It will depend on the amount of "clout" you have to make people see the position you have been put in.
(UK perspective, no idea how legal position may be different in US.)



by haoleberry In reply to using a switch behind the ...

Thank you so much for your perspective; right you are! The politics are so thick on this one you could cut it with a knife. Ever heard of "IronPort?" They use it for guest network. Wouldn't IronPort work for my situation if they are concerned about a virus invading from my end?

Response To Answer

by OH Smeg Moderator In reply to security

Technically it should, but to be perfectly honest there are No Guarantees here.

Here I think you'll find that the IT Department has this forced on them by the Internal Politics and Lack of Budget, maybe even someone higher up the Food Chain Determining what they need regardless of what the IT Department asked for or wanted.

It's not the first time that I've run across Chief Embezzlement Officers or Chief Fraud Officers who Know better than everyone else and get sold on some Slick Brochure for a product that simply doesn't work the way that it's described. The Chief Fraud Officers think that because they get to spend money they know better than everyone else, so they order something without first asking will it do the required job.

As for Ironport it's a Cisco Product Mainly aimed at preventing E Mail threats. The Full Description is Cisco IronPort Email Security Appliances protect against messaging threats. They're easy to manage, flexible, and provide details about content entering and leaving your email system.

Full details can be found here

